“There are multiple threat entry points. What we talk about when we look at capabilities that we want to put out there are threat characteristics and threat groupings. You look at it from an outsider threat, an insider threat and then you want to look at your supply chain.”

By supply chain security, the concept is to make sure that when the components of systems are purchased, the heritage of the parts is known and they are certified to be free of malware.

Ensuring the integrity of the supply chain is one
aspect of cyber hygiene, reducing insider cyber threats
by practicing fundamental, routine secure practices
such as protecting passwords, ensuring software is up
to date and knowing who has access to which systems.

“If we do those things, we will protect approximately 75 to 80 percent of the vulnerabilities out there
today,” Williford said.

Cyber hygiene also is stressed by Stu Young, director of systems engineering for NAVAIR and director
of its Cyber Warfare Detachment. By training aircraft
maintainers about hygiene, he said, systems “can be
protected by the human in the loop and by having
dedicated maintenance and logistics personnel. … We
consider the people the first line of defense.

“The least expensive thing we can do is to make somebody aware: never connect this laptop to the aircraft under these circumstances, make sure you’ve flipped all these switches off, make sure you’ve powered down these systems, make sure that the software has been signed by a designated authority and that it has been reviewed and cleansed,” Young said. “We can make tremendous progress just through good awareness and training and procedure standardization, as opposed to elaborate technology fixes which are very expensive.

“The way we characterize the threats to our weapon systems and control systems is by attack surface and attack vectors,” he said. “Attack surface is all the different ways somebody can get into our information technology and systems and then do something to affect its performance. The attack vectors are the very specific methods they might use to do that, whether it is through the supply chain, maintenance equipment, human intelligence or devious means. We try to protect in various degrees against all of those.”

One attack surface is “malicious software which is more typical in the enterprise IT environment,” Young said. “Those are cases where whether it is to support equipment or maintenance or a software load of some kind, somebody injects a virus into the weapon system that was probably intended for something else but it can cause our systems to malfunction, slow down, not operate properly. So, in a weapon system context, it contributes to I’d say is the fog of war for the operators.”

The second attack surface would be a more pointed attack, “typically malformed data with a trigger,” he said. “That is data that finds its way in there and now it is sitting there latent on the system. We may not have a clear indication that it is there if we haven’t really looked for it. And if we don’t know it’s there, at the worst possible time, it can come back and bite us by blocking communications or navigation or even causing a weapon to malfunction.

“In the very worst case, it could bite us by having a kinetic effect where it causes a critical safety system not to perform, like an engine ignite, and, literally, take down an aircraft,” Young said.

NAVSEA embraces a concept called defense in-depth functional implementation architecture, segregating the enclaves of a ship — weapons, navigation, HM&E, aviation, etc. — with virtual or physical boundaries such

U.S. NAVY

Chief Warrant Officer Vergel Amado stands watch in the combat information center aboard the Arleigh Burke-class guided-missile destroyer USS Curtis Wilbur Sept. 9 in the Philippine Sea. Navy efforts to protect the combat systems of ships and aircraft from cyber attack must be reconciled with its initiatives to seamlessly network its forces.